GNU bug report logs - #12366
[gnu-prog-discuss] Writing unwritable files


Package: coreutils;

Reported by: Paolo Bonzini <bonzini <at> gnu.org>

Date: Thu, 6 Sep 2012 12:14:01 UTC

Severity: normal

Done: Jim Meyering <meyering <at> hx.meyering.net>

Bug is archived. No further changes may be made.


From: Bob Proulx <bob <at> proulx.com>
To: 12366 <at> debbugs.gnu.org, gnu-prog-discuss <at> gnu.org, John Darrington <john <at> darrington.wattle.id.au>
Subject: bug#12366: [gnu-prog-discuss] bug#12366:  Writing unwritable files
Date: Fri, 7 Sep 2012 14:42:44 -0600

Paul Eggert wrote:
> Paolo Bonzini wrote:
> > Atomic file replacement is what matters for security.
> 
> Unfortunately, 'sed's use of atomic file replacement does not
> suffice for security.
> 
> For example, suppose sysadmins (mistakenly) followed the practice of
> using 'sed -i' to remove users from /etc/passwd.  And suppose there
> are two misbehaving users moe and larry, and two sysadmins bonzini and
> eggert.  bonzini discovers that moe's misbehaving, and types:
> 
>   sed -i '/^moe:/d' /etc/passwd

Using /etc/passwd isn't a good example because system convention
dictates that a /etc/passwd.lock must be observed for any edits there
specifically for the problem you are illustrating.  The above would
not be correct even if sed were fully atomic overall.

> Of course one could wrap 'sed -i' inside a larger script, that
> arranges for atomicity at the end-user level.

Right.  The 'vipw' script for example.  :-)

[I have abused the EDITOR variable for that purpose many times.  Set it
to either an inline script or to a real script and use it to safely
edit these types of files.  More with 'visudo' though.]

Bob
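
The point made in the thread above, as an added example that is not part of the original message: two 'sed -i'-style edits that each replace the file atomically can still lose one update, and holding a lock across the whole read-modify-rename prevents it. The sample file is constructed, and the `FILE.lock` directory lock and the helper names are assumptions for illustration, not the system's actual passwd locking.

```shell
#!/bin/sh
# Constructed passwd-style data in a scratch directory; /etc is never touched.
make_sample() {
    printf '%s\n' 'root:x:0:0::/root:/bin/sh' \
        'moe:x:1001:1001::/home/moe:/bin/sh' \
        'larry:x:1002:1002::/home/larry:/bin/sh' > "$1/passwd"
}

# Two "sed -i"-style edits whose read and rename steps interleave. Each
# rename is atomic, yet the second one discards the first admin's edit.
unlocked_interleaving() {
    make_sample "$1"
    sed '/^moe:/d'   "$1/passwd" > "$1/tmp.a"   # admin A reads and filters
    sed '/^larry:/d' "$1/passwd" > "$1/tmp.b"   # admin B reads the same old data
    mv "$1/tmp.a" "$1/passwd"                   # A's atomic replace
    mv "$1/tmp.b" "$1/passwd"                   # B's atomic replace: moe is back
}

# locked_edit FILE SED_SCRIPT: hold FILE.lock (mkdir is atomic) across the
# whole read-modify-rename. Hypothetical helper; a stale lock needs manual cleanup.
locked_edit() {
    tries=0
    until mkdir "$1.lock" 2>/dev/null; do
        tries=$((tries + 1))
        [ "$tries" -lt 10 ] || return 1         # give up rather than edit unlocked
        sleep 1
    done
    sed "$2" "$1" > "$1.lock/new" && mv "$1.lock/new" "$1"
    status=$?
    rm -f "$1.lock/new"
    rmdir "$1.lock"
    return "$status"
}

# The same two edits started in parallel, serialized by the lock.
locked_concurrent() {
    make_sample "$1"
    locked_edit "$1/passwd" '/^moe:/d' &
    pid_a=$!
    locked_edit "$1/passwd" '/^larry:/d' &
    pid_b=$!
    wait "$pid_a" && wait "$pid_b"
}

demo_dir=$(mktemp -d)
unlocked_interleaving "$demo_dir"; echo "unlocked:"; cat "$demo_dir/passwd"
locked_concurrent "$demo_dir";     echo "locked:";   cat "$demo_dir/passwd"
rm -rf "$demo_dir"
```

The lock only helps if every writer of the file observes it, which is why tools such as 'vipw' wrap the edit instead of leaving it to each caller.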




This bug report was last modified 12 years and 232 days ago.
